gcleaner | JaffaCakes118_6054a67bb37195d67b1c426893fd6e979894b284fa8a0f616a2264d722520888 | Triage

Sharing

General

Target

JaffaCakes118_6054a67bb37195d67b1c426893fd6e979894b284fa8a0f616a2264d722520888
Size

17.6MB
MD5

a19e67ffe4096840fa56a566f0bc6496
SHA1

2a1224deb02fd4d560d696ed4ca9f5615abcf4d6
SHA256

6054a67bb37195d67b1c426893fd6e979894b284fa8a0f616a2264d722520888
SHA512

7f384b51d293aa8b89fd7b256b9584ce6178f372a6ab9b0844b745190316b0300ab0feaf50b46c69e5a6cedf7e01cc119fafe474a388fff65b69d769be3dc329
SSDEEP

12288:sVtFVPSRE53jT9U/whnKZad2WB/m91jLOSfmi1xG:hHIBtSOd

Score

10^/10

gcleaner

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6054a67bb37195d67b1c426893fd6e979894b284fa8a0f616a2264d722520888

Files

JaffaCakes118_6054a67bb37195d67b1c426893fd6e979894b284fa8a0f616a2264d722520888
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ